Denial-of-service detection and mitigation for SIP communication networks

The Session Initiation Protocol (SIP) is the multimedia communication protocol of the future. Used for Voice-over-IP (VoIP), Internet Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV), its concepts are based on mature and open standards and its use is increasing rapidly within recent years. However, with its acceptance as a mainstream communication platform, security concerns become ever more important for users and service providers. In this thesis we identify different attacks on SIP-based networks with the focus on Denial-of-Service attacks (DoS) flooding attacks. We evaluate SIP infrastructure for DoS attack possibilities and demonstrate a completely new attack which utilises a combination of the SIP and Domain Name Service (DNS) system. We propose three different DoS detection and mitigation schemes, including one to handle this particular SIP DNS attack. We also provide a first step into Distributed DoS mitigation by introducing a firewall pinholing scheme. Distributed DoS mitigation is only marginally addressed by current research works. We also evaluate the requirements for a self-sufficient and scalable SIP security framework, where attack countermeasures can be evaluated and tested. We use this framework for our solutions and validate their effectiveness for DoS mitigation. With these solutions, general SIP networks will be more robust against flooding DoS and Distributed DoS attacks.